Privacy Blog

“Friends don’t let friends get spied on.” – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Cryptomator – The Easy Way to Securely Save Encrypted Files in Your Computer(s) and in the Cloud

If you want to keep a few secret documents or even applications, you need to encrypt them and hide them in your computer. If you have more than one computer (desktop, laptop, tablet, smartphone, etc.), you probably should have these secret, encrypted files automatically available on each computer and do that in such a manner that everything remains securely encrypted when copied to the other system(s). Even if you only use one computer, this software product will securely save your secret files in the cloud, providing backup copies in case your computer later gets crushed by an 18-wheeler or some other disaster strikes. You always need a backup, even for secret, encrypted files.

One free and open-source software product makes all this simple to accomplish. In fact, it is designed for maximum simplicity.

Cryptomator is available for Windows, Macintosh, Linux, Android, and Apple iOS (iPhone, iPad, and iPod touch) systems. Unfortunately, I cannot find a version for Chromebooks. Encrypted files saved on any one of the supported systems can later be retrieved and decrypted on any of the other systems. That is, you can save files on the Windows system at the office, later retrieve the files and decrypt them on a Macintosh at home, or even retrieve them from your tablet computer or smartphone and decrypt the saved files when traveling. The process is simple; almost no computer expertise is required to use Cryptomator every day.

Cryptomator will securely encrypt and save any sort of computer file anywhere on your computers’ hard drives. However, Cryptomator becomes very useful when its encrypted files are saved someplace where they will be copied to other systems, such as in Dropbox, Google Drive, iDrive, or similar file sharing services. Everything stored in Cryptomator remains secure during the entire process until it resides on your computer and you enter the decryption key (similar to a password only more secure).

For instance, let’s say you install Cryptomator on a Windows computer at the office and configure it to save all files in your Dropbox directory. The files will (optionally) be encrypted. You can later retrieve the file(s) from a Macintosh at home or from your Android phone while at a client site. You can decrypt the file(s) and use it normally. However, should an outside hacker or even one of your family members use your desktop computer to retrieve things from Dropbox, that person will not be able to read anything saved in your Cryptomator “vault” unless that person also knows the decryption key.

Should a hacker, family member, or anyone else ever manage to access your Cryptomator “vault,” all they will see is something that looks similar to this:

jkE,95$0nmdtcl**3$#

Not very useful, is it? However, when you enter the decryption key, everything is available to you in the original (unencrypted) format.

Cryptomator can store any computer file: text, word processing documents, spreadsheets, pictures, video, application programs, and more. It is perfect for storing financial information, bank account information, and the telephone number of your bookie. Not only are file contents encrypted, but file and folder names also get encrypted. No one can see your file names of “My Bank Account.xls” or anything similar. Instead, file names will look similar to “jkE,95$0nmdtcl**3$#” until you enter the encryption key.

Is it secure? The Cryptomator web site states:

“Cryptomator provides a virtual drive. Add, edit, remove files as you’re used to with just any disk drive.

“Files are transparently en- and decrypted. There are no unencrypted copies on your hard disk drive. With every access on your files inside the virtual drive, Cryptomator will en- and decrypt these files on-the-fly.

“Currently WebDAV is our frontend of choice, as it is supported on every major operating system. WebDAV is an HTTP-based protocol and Cryptomator acts as a WebDAV server accepting so-called loopback connections on your local machine only. Whenever your file manager accesses files through this protocol, Cryptomator will process this request via the following layers.

“Masterkey Derivation

“Each vault has its own 256 bit encryption as well as MAC masterkey used for encryption of file specific keys and file authentication, respectively.”

Many more details are available at: https://cryptomator.org/security/architecture/.

Cryptomator is open-source software. That means that the source code is available to all and any programmer who is familiar with the programming language used can examine the source code, looking for bugs, “back doors,” or any other problems. Open source software is generally considered to be more secure than normal proprietary software created by an individual or by a corporation where the source code is kept secret. Even with Cryptomator’s open source code, qualified programmers still will be unable to “break into” your encrypted files and read them.

WARNING: Never forget your Cryptomator encryption key! If you ever forget the encryption key, there is no method of ever retrieving it unless you wrote it down someplace. Even the programmers that write the Cryptomator software cannot retrieve your encryption key. If you lose the encryption key or forget it, everything stored in Cryptomator will be lost forever!

The only “drawback” I found was really a product of my own carelessness. It seems that to securely encrypt files, you need to save the file someplace other than in Cryptomator, then go to wherever it is saved and drag-and-drop the file into the Cryptomator vault. If you attempt to save a file directly into the Cryptomator vault, it will be saved in UNencrypted format. To be sure, that fact is prominently mentioned in the Cryptomator web site. However, in my haste of downloading the product and trying it out, I overlooked that statement. Yes, it always pays to RTFM!

Now that I have read the documentation completely, I am very happy with Cryptomator and I plan to use it for all my sensitive information.
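As an added example (not from the original article or from the Cryptomator project), this Python script checks that everything in a cloud-synced folder really looks like ciphertext, which is how a file saved unencrypted by mistake, as described above, would be caught. The entropy threshold, the signature list and the `skip_names` parameter are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# Assumption: a few well-known plaintext file signatures; compressed formats
# such as JPEG or ZIP have high entropy, so they must be caught by header.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip/office",
         b"\x89PNG": "png", b"\xff\xd8\xff": "jpeg"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; good ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_plaintext(data: bytes, min_entropy: float = 7.0):
    """Return a reason string if data does not look encrypted, else None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return f"known {kind} header"
    if len(data) < 1024:          # too small for a reliable entropy estimate
        return None
    e = shannon_entropy(data)
    return f"low entropy ({e:.2f} bits/byte)" if e < min_entropy else None

def audit_folder(root: str, skip_names=frozenset(), sample: int = 65536):
    """Walk root and list (relative path, reason) for suspicious files.

    skip_names is a hypothetical allowlist for known non-ciphertext
    metadata files (for example a vault's own configuration file).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in skip_names:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                reason = looks_plaintext(fh.read(sample))
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    for rel, why in audit_folder(sys.argv[1]):
        print(f"{rel}: {why}")
```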

Cryptomator for Windows, Macintosh, and Linux is available free of charge although the programmers do accept donations to help pay for the operating expenses of making the program available. (I downloaded it first without paying for it. After I used Cryptomator for a few hours, I went back to the web site and contributed a modest donation.) Cryptomator for Apple iOS requires payment of $4.99 US and Cryptomator for Android requires a payment of $5.49 US before downloading, however.

NOTE: The prices for Android and Apple iOS are correct as of the date I wrote this article. However, they are listed as “sale prices” with a normal List Price of $9.49 US. Don’t be surprised if the price later reverts back to the List Price.

In my case, I first used Cryptomator on my desktop system and then later went back and donated funds before going to the app store for my Android phone and paying for and downloading that product. I would always suggest you pay for a product that you feel is useful and you plan to use on a regular basis.

I keep the encrypted vault in my Google Drive folder where it automatically gets copied to my other computers and all my sensitive information is available to me everywhere.

For more information about Cryptomator or to download the Windows, Macintosh, or Linux versions, go to: https://cryptomator.org/.

To download and install the Apple iOS or Android versions, go to your device’s app store and search for Cryptomator.
